Potentially unsafe file permissions required for Teams 1.3.00.30857 on Linux

Thomas Hansen 1 Reputation point
2020-12-08T11:30:25.71+00:00

To whom it may concern,

I recently updated to the latest version of Teams on Linux, i.e. 1.3.00.30857. This resulted in Teams no longer starting. When looking closer into things, I found the following message in $HOME/.config/Microsoft/Microsoft Teams/logs/teams-startup.log :

[4706:1208/095531.157346:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper binary was found, but is not configured correctly. Rather than run without sandboxing I'm aborting now. You need to make sure that /usr/share/teams/chrome-sandbox is owned by root and has mode 4755.

After changing /usr/share/teams/chrome-sandbox to have access permissions 4755 (rwsr-xr-x), I was able to launch Teams.
However, setting the setuid bit on this file and having it owned by root seems like a security concern. Especially since I have numerous other electron apps installed, and none of them require this change in configuration despite also using chrome-sandbox.

I'd be grateful if you could either fix this so that changing the file permissions is not required, or provide an explanation as to why this is necessary for MS Teams but not for any other electron apps, e.g. VS Code which is also one of your products.

Yours faithfully,
Thomas Hansen

Skype for Business Linux
Skype for Business Linux
Skype for Business: A Microsoft communications service that provides communications capabilities across presence, instant messaging, audio/video calling, and an online meeting experience that includes audio, video, and web conferencing.Linux: A family of open-source Unix-like operating systems.
456 questions
{count} votes

1 answer

Sort by: Most helpful
  1. JimmyYang-MSFT 48,536 Reputation points Microsoft Vendor
    2020-12-09T02:29:21.59+00:00

    Hi @Thomas Hansen ,

    Have you tried to run the app with the –no-sandbox argument?

    Considering the security is a serious concern to you, I would suggest either sticking with a previous release or using the open source “teams-for-linux” package which still works fine. For more discussion about this issue, you can refer to:

    https://aur.archlinux.org/packages/teams/

    For more details about sandbox description, you can learn it from:

    https://chromium.googlesource.com/chromium/src/+/master/docs/design/sandbox.md#Overview


    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.